When I audit a system via Terminal Services, I usually map a drive to or from the system depending on what the Firewall will allow.

Sometimes, it won’t allow either, though. In those cases one of the few options remaining is to configure mstsc.exe to expose a local drive on your client system to the server, accessing it via \\tsclient. But, you probably want to avoid exposing your whole C: drive.

Assuming that you didn’t have the foresight to create a dedicated partition for this purpose (I didn’t), you can easily simulate a drive using subst:

subst s: c:\share

Then you can configure mstsc.exe to only share your S: drive, leaving you less exposed.